Blog

Report States Bots Account For 20 Percent Of Web Traffic

How much of the web's traffic would you estimate to be fake, if you had to guess? The answer to that question might surprise you. According to the 2019 Bad Bot Report published security firm Distil Networks, the answer is just over twenty percent. 20.4 percent to be precise.

More than one fifth of all traffic on the web is generated by bots.

As staggering as that figure is, it's actually down slightly from last year. Distil Networks says not to read too much into the slight dip, reporting that 75 percent of the bot traffic is generated by what it calls APB's, or Advanced Persistent Bots. APB's are able to cycle through IP addresses randomly carrying out whatever instructions their creators have outfitted them with. As these persistent bots become increasingly commonplace, we can expect their share of traffic to increase over time.

The report indicates, perhaps unsurprisingly, that the financial sector is on the receiving end of the majority of bot traffic. A full 42 percent of the bots are aimed at that sector alone, with the majority of this traffic driven by credential stuffing style attacks aimed at hijacking user accounts for financial gain.

Other popular bot traffic destinations included:

Ticketing portals, where 39 percent of all traffic was bot-driven

Education sites, where 38 percent of all traffic was bot-driven

Government websites, where 30 percent was bot-driven

Also unsurprisingly, the bulk of bot traffic (53 percent) originated in the United States, although Russia and the Ukraine accounted for nearly half of all blocking requests from Distil customers.

According to Tiffany Olson Kleemann, Distil Networks' CEO,

"Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used today, such as mimicking mouse movements, are more human-like than ever before."

The bottom line is simply this: Bot traffic is bad for business. It costs you time and money, and it potentially puts your systems and your proprietary data at risk.